CN117592093B - File encryption method, decryption method, encryption device and decryption device - Google Patents

Info

Publication number
CN117592093B
Authority
CN
China
Prior art keywords
file
target
preset
ciphertext
plaintext
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202410079242.8A
Other languages
Chinese (zh)
Other versions
CN117592093A (en)
Inventor
尹寿长
王伟
吕胜
顾美营
胥果
王树超
蒋杰
张登辉
杨海荣
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Sefon Software Co Ltd
Original Assignee
Chengdu Sefon Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chengdu Sefon Software Co Ltd
Priority to CN202410079242.8A
Publication of CN117592093A
Application granted
Publication of CN117592093B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Abstract

The invention discloses a file encryption method, a file decryption method, an encryption device and a decryption device. The encryption method comprises: generating a target key according to a preset algorithm; encrypting the target plaintext file with the target key to obtain a target ciphertext file corresponding to the target plaintext file; signing the ciphertext in the target ciphertext file with a preset digital signature algorithm to obtain a first ciphertext; and merging and scrambling the target key and the first ciphertext according to a preset scrambling rule to obtain a target signature file, and storing the target signature file in a preset storage file. The decryption method comprises: reading the preset storage file and acquiring a storage path; judging, according to the storage path, whether the target signature file is in the preset storage file; if so, verifying whether the signature is correct; if the first ciphertext in the target signature file is correct, decrypting the first ciphertext to obtain a first plaintext corresponding to the first ciphertext; and returning the target plaintext file corresponding to the first plaintext to the target client.

Description

File encryption method, decryption method, encryption device and decryption device
Technical Field
The present invention relates to the field of information security, and in particular, to a file encryption method, a file decryption method, an encryption device, and a decryption device.
Background
File encryption is a technique for protecting the security of file contents: by encrypting the contents, unauthorized users cannot directly read or understand them. File encryption typically includes the following steps: selecting an encryption algorithm, generating a key, encrypting the file, storing or transmitting it, and decrypting the file. In practical applications, file encryption may be used to protect the security of sensitive data.
At present, existing approaches mainly either use a Java agent that loads a custom classloader and decrypts the bytecode as it is loaded into the JVM, or dynamically generate a Go program launcher that obtains a key at run time and decrypts the bytecode in a custom classloader. However, these existing encryption methods are quite limited and cannot encrypt third-party libraries or configuration files well. Accordingly, there is a need for an encryption technique that reduces the limitations of existing encryption techniques.
Disclosure of Invention
By providing a file encryption method, a file decryption method, a file encryption device and a file decryption device, the present application solves the technical problem that existing encryption technology in the prior art is highly limited, and achieves the technical effect of reducing those limitations.
In a first aspect, the present application provides a method for encrypting a file, including:
generating a target key according to a preset algorithm;
encrypting the target plaintext file by adopting a target secret key to obtain a target ciphertext file corresponding to the target plaintext file;
signing ciphertext in the target ciphertext file through a preset digital signature algorithm to obtain a first ciphertext;
and merging and scrambling the target secret key and the first ciphertext according to a preset scrambling rule to obtain a target signature file, and storing the target signature file into a preset storage file.
Further, storing the target signature file in a preset storage file includes:
and storing the target signature file into a preset storage file in the same path as the target plaintext file, wherein the preset storage file is a hidden file.
Further, the preset algorithm is a bit value mapping algorithm, and the target key generated according to the bit value mapping algorithm is a random key.
In a second aspect, the present application provides a file decryption method, where the method includes:
reading a preset storage file according to a preset application program, and acquiring a storage path of a target signature file in the preset storage file;
judging whether the target signature file is in a preset storage file or not according to the storage path;
if yes, verifying whether the signature of the target signature file is correct;
if the first ciphertext in the target signature file is correct, decrypting the first ciphertext according to the target key to obtain a first plaintext corresponding to the first ciphertext;
and returning the target plaintext file corresponding to the first plaintext to the target client.
Further, reading a preset storage file according to a preset application program, and acquiring a storage path of a target signature file in the preset storage file, wherein the method comprises the following steps:
the preset application program is a hijacking application program, and the hijacking application program obtains a storage path of a target signature file in the preset storage file by reading a system corresponding to the preset storage file.
Further, according to the storage path, judging whether the target signature file is in the preset storage file, and further comprising:
and if the target signature file does not exist in the preset storage file, feeding back the information that the target signature file does not exist to the target client.
Further, decrypting the first ciphertext in the target signature file according to the target key to obtain a first plaintext corresponding to the first ciphertext, including:
reading a first ciphertext in the target signature file in a preset buffer area;
decrypting the first ciphertext in a preset buffer area according to a preset algorithm and a target key to obtain a first plaintext corresponding to the first ciphertext;
the target key and the first ciphertext are discarded and a target plaintext file is generated that contains the first plaintext.
Further, before the preset storage file is read according to the preset application program, the method includes:
constructing a preset application program, wherein the preset application program is a hijacking application program, the hijacking application program is used for reading preset storage files, and a function of the hijacking application program is used for adding dynamic parameters to a storage system corresponding to the preset storage files;
after the preset application program is constructed, the preset application program is embedded into a storage system corresponding to the preset storage file based on the hook function.
In a third aspect, the present application provides a file encrypting apparatus, the file encrypting apparatus comprising:
the key generation module is used for generating a target key according to a preset algorithm;
the encryption module is used for encrypting the target plaintext file by adopting the target key to obtain a target ciphertext file corresponding to the target plaintext file;
the ciphertext determining module is used for signing the ciphertext in the target ciphertext file through a preset digital signature algorithm to obtain a first ciphertext;
and the storage module is used for merging and scrambling the target secret key and the first ciphertext according to a preset scrambling rule to obtain a target signature file, and storing the target signature file into a preset storage file.
In a fourth aspect, the present application provides a file decryption apparatus, including:
the reading module is used for reading a preset storage file according to a preset application program and acquiring a storage path of a target signature file in the preset storage file;
the storage judging module is used for judging whether the target signature file is in a preset storage file or not according to the storage path;
the signature verification module is used for verifying whether the signature of the target signature file is correct or not if the target signature file is in the preset storage file;
the decryption module is used for decrypting the first ciphertext in the target signature file according to the target key if the signature of the target signature file is correct, so as to obtain a first plaintext corresponding to the first ciphertext;
and the return module is used for returning the target plaintext file corresponding to the first plaintext to the target client.
One or more technical solutions provided in the embodiments of the present application at least have the following technical effects or advantages:
A target key is generated according to a preset algorithm; the target plaintext file is encrypted with the target key to obtain a target ciphertext file corresponding to the target plaintext file; the ciphertext in the target ciphertext file is signed through a preset digital signature algorithm to obtain a first ciphertext; and the target key and the first ciphertext are merged and scrambled according to a preset scrambling rule to obtain a target signature file, which is stored in a preset storage file. Whereas encryption in the prior art is highly limited, the present application can encrypt files or data in various forms, which reduces the limitations of file encryption.
A preset storage file is read according to a preset application program, and a storage path of the target signature file in the preset storage file is obtained; whether the target signature file is in the preset storage file is judged according to the storage path; if so, whether the signature of the target signature file is correct is verified; if the first ciphertext in the target signature file is correct, the first ciphertext is decrypted according to the target key to obtain a first plaintext corresponding to the first ciphertext; and the target plaintext file corresponding to the first plaintext is returned to the target client. The application thus provides a file decryption method corresponding to the file encryption method. The file decryption method provided by the application has few limitations and can be applied in a wider range.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic flow chart of a file encryption method provided in the present application;
FIG. 2 is a flow chart of another file encryption method provided in the present application;
FIG. 3 is a schematic flow chart of a file decryption method provided in the present application;
FIG. 4 is a flow chart of another file decryption method provided in the present application;
FIG. 5 is a schematic structural diagram of a file encryption device provided in the present application;
FIG. 6 is a schematic structural diagram of a file decryption device provided in the present application.
Detailed Description
By providing a file encryption method, the embodiment of the application solves the technical problem that existing encryption technology in the prior art is relatively limited.
To solve the above technical problem, the overall idea of the technical solution of the embodiment of the application is as follows:
a method of encrypting a file, the method comprising: generating a target key according to a preset algorithm; encrypting the target plaintext file by adopting a target secret key to obtain a target ciphertext file corresponding to the target plaintext file; signing ciphertext in the target ciphertext file through a preset digital signature algorithm to obtain a first ciphertext; and merging and scrambling the target secret key and the first ciphertext according to a preset scrambling rule to obtain a target signature file, and storing the target signature file into a preset storage file.
In order to better understand the above technical solutions, the following detailed description will refer to the accompanying drawings and specific embodiments.
First, the term "and/or" appearing herein is merely an association relationship describing associated objects, meaning that there may be three relationships, e.g., a and/or B, may represent: a exists alone, A and B exist together, and B exists alone. In addition, the character "/" herein generally indicates that the front and rear associated objects are an "or" relationship.
The application provides a file encryption method as shown in fig. 1, which comprises steps S11-S14. (The file encryption method provided in this application may also be understood with reference to FIG. 2.)
Step S11, generating a target key according to a preset algorithm.
And step S12, encrypting the target plaintext file by adopting a target key to obtain a target ciphertext file corresponding to the target plaintext file.
And step S13, signing ciphertext in the target ciphertext file through a preset digital signature algorithm to obtain a first ciphertext.
And S14, merging and scrambling the target key and the first ciphertext according to a preset scrambling rule to obtain a target signature file, and storing the target signature file into a preset storage file.
With regard to step S11, a target key is generated according to a preset algorithm.
A target key may be generated using a preset algorithm; the target key is the target encryption key used to encrypt the file. Furthermore, the preset algorithm may be a bit value mapping algorithm, which has the advantages of high memory utilization, strong dynamic adaptability, few external fragments, support for large object allocation, and so on. The target encryption key generated by the bit value mapping algorithm is a random key, and it can be understood that a random key offers stronger confidentiality than a fixed key.
With regard to step S12, the target plaintext file is encrypted with the target key, and the target ciphertext file corresponding to the target plaintext file is obtained.
After the target key (target encryption key) is determined, the target plaintext file to be encrypted may be encrypted with it. It should be noted that only the file content of the target plaintext file may be encrypted; after the plaintext file is encrypted, the target ciphertext file corresponding to the target plaintext file is obtained.
With regard to step S13, the ciphertext in the target ciphertext file is signed through a preset digital signature algorithm to obtain a first ciphertext.
After the target ciphertext file is obtained, a preset digital signature algorithm can be used to sign the ciphertext in it. The preset digital signature algorithm may be selected according to the practical situation, for example a message authentication code algorithm. It is used to attach an identity tag to the content of the current target ciphertext file; after the ciphertext in the target ciphertext file is signed, the first ciphertext is obtained.
With regard to step S14, the target key and the first ciphertext are merged and scrambled according to a preset scrambling rule to obtain a target signature file, and the target signature file is stored in a preset storage file.
The target key (target encryption key) and the first ciphertext are packaged together, and the package is scrambled according to a preset scrambling rule to obtain the target signature file. After the target signature file is obtained, it is stored in a preset storage file.
Furthermore, the target signature file may be stored in a preset storage file in the same path as the target plaintext file, and the preset storage file is a hidden file. It can be understood that storing the target signature file in the preset storage file in the same path as the target plaintext file is beneficial to file reading and storing, so that encryption efficiency is higher. On the other hand, when the preset storage file is a hidden file, the security of encryption can be improved.
In summary, the present application generates the target key according to the preset algorithm; encrypts the target plaintext file with the target key to obtain a target ciphertext file corresponding to the target plaintext file; signs the ciphertext in the target ciphertext file through a preset digital signature algorithm to obtain a first ciphertext; and merges and scrambles the target key and the first ciphertext according to a preset scrambling rule to obtain a target signature file, which is stored in a preset storage file. Whereas encryption in the prior art is highly limited, the present application can encrypt files or data in various forms, which reduces the limitations of file encryption.
The application also provides a file decryption method as shown in fig. 3, which corresponds to the file encryption method and comprises steps S101-S105. (The file decryption method provided in this application may also be understood with reference to FIG. 4.)
Step S101, reading a preset storage file according to a preset application program, and acquiring a storage path of a target signature file in the preset storage file.
Step S102, judging whether the target signature file is in a preset storage file according to the storage path.
Step S103, if so, verifying whether the signature of the target signature file is correct.
And step S104, if the first ciphertext in the target signature file is correct, decrypting the first ciphertext according to the target key to obtain a first plaintext corresponding to the first ciphertext.
Step S105, returning the target plaintext file corresponding to the first plaintext to the target client.
Before step S101 is executed, the method includes:
constructing a preset application program, wherein the preset application program is a hijacking application program, the hijacking application program is used for reading preset storage files, and a function of the hijacking application program is used for adding dynamic parameters to a storage system corresponding to the preset storage files;
It should be emphasized that the preset application program constructed in the present application may be a hijacking application program, which includes a hijacking file. The hijacking application program containing the hijacking file is written so that the hijacking file reads the system call, and the decryption operation is performed in the main function of the storage system corresponding to the preset storage file. By injecting code while the storage system is running, the function of the hijacking application program may add additional parameters or functions to the main function of the application, so that the behavior of the storage system can be controlled.
The preset application program is embedded, based on the hook function, into the storage system corresponding to the preset storage file. Specifically, based on the hook function, the hijacking application program can be embedded into that storage system through an interface provided by the operating system (such as a file-read system call), so as to read the preset storage file. The hook function works by setting "hooks" so that all data is filtered and data that is difficult to access under normal conditions can be accessed. Based on the hook function, the hijacking application program can be embedded into the corresponding storage system through a system call.
Steps S101-S105 may be accomplished based on a preset application.
With regard to step S101, a preset storage file is read according to a preset application program, and a storage path of a target signature file in the preset storage file is obtained.
Further, the preset application program is a hijacking application program. It is emphasized that this is not a hijacking application program in the prior-art sense, aimed at attacking or tampering with other files: its purpose in the present application is to decrypt the target signature file stored in the application's own preset storage file, not to attack or tamper with other files. In other words, "hijacking application program" and "hijacking file" are merely names used in the present application; the program is only used to read the application's own stored files and is not used to attack or tamper with other people's files.
The hijacking application program can acquire the storage path of the target signature file in the preset storage file by reading the system corresponding to the preset storage file.
With respect to step S102, it is determined whether the target signature file is in the preset storage file according to the storage path.
After the storage path is obtained, a search may be performed according to the storage path to determine whether the target signature file is in the preset storage file; if so, step S103 may be performed. If the target signature file does not exist in the preset storage file, information that the target signature file does not exist is fed back to the target client, so that the target client can display it for relevant personnel to view.
With regard to step S103, if so, whether the signature of the target signature file is correct is verified.
If the target signature file is in the preset storage file, it is judged whether the signature in the target signature file is correct; a correct signature indicates the integrity, authenticity and non-repudiation of the target signature file.
If the signature of the target signature file is incorrect, information that the signature is incorrect is fed back to the target client, so that the target client can display it for relevant personnel to check.
In step S104, if the first ciphertext in the target signature file is correct, the first ciphertext is decrypted according to the target key, and a first plaintext corresponding to the first ciphertext is obtained.
Specifically, decrypting the first ciphertext in the target signature file according to the target key to obtain a first plaintext corresponding to the first ciphertext, including: reading a first ciphertext in the target signature file in a preset buffer area; decrypting the first ciphertext in a preset buffer area according to a preset algorithm and a target key to obtain a first plaintext corresponding to the first ciphertext; the target key and the first ciphertext are discarded and a target plaintext file is generated that contains the first plaintext.
It can be understood that the first ciphertext in the target signature file is read in the preset buffer area, which is favorable for improving the decryption efficiency and accelerating the encryption speed. It is also understood that the target key herein is a target decryption key, and corresponds to the target encryption key one-to-one (or the target decryption key is also the target encryption key).
The target plaintext file of the first plaintext may not be generated, and the content of the first plaintext may be directly returned to the target client alone.
In step S105, the target plaintext file containing the first plaintext is returned to the target client.
After obtaining the content of the target plaintext file or the first plaintext, the content of the target plaintext file or the first plaintext may be returned to the target client, so that the related personnel can view the decrypted content of the target plaintext file or the first plaintext.
In summary, the present application reads a preset storage file according to a preset application program, and obtains a storage path of a target signature file in the preset storage file; judging whether the target signature file is in a preset storage file or not according to the storage path; if yes, verifying whether the signature of the target signature file is correct; if the first ciphertext in the target signature file is correct, decrypting the first ciphertext according to the target key to obtain a first plaintext corresponding to the first ciphertext; and returning the target plaintext file corresponding to the first plaintext to the target client. The application provides a file decryption method corresponding to the file encryption method. The file decryption method provided by the application has small limitation and is applied in a larger range.
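The encryption steps S11 to S14 and the decryption steps S101 to S105 described above, put together as an added Python example that is not code from the patent. The patent leaves its preset algorithm, signature algorithm and scrambling rule unspecified, so the SHA-256 counter-mode cipher, the HMAC-SHA256 tag, the seeded byte permutation, the preset constants and the dot-prefixed `.sig` file naming are all assumptions.

```python
import hashlib
import hmac
import secrets
from pathlib import Path

KEY_LEN = 32   # assumed length of the target key in bytes
TAG_LEN = 32   # HMAC-SHA256 tag length
# Assumption: the "preset" values are constants held by the application.
PRESET_SIGNING_KEY = b"constructed-demo-signing-key"
PRESET_SCRAMBLE_SEED = b"constructed-demo-scramble-seed"


class SignatureError(Exception):
    """The target signature file is truncated or its tag does not verify."""


def _xor_keystream(data, key):
    # Stand-in cipher (SHA-256 in counter mode), not the patent's algorithm.
    # The key is fresh for every file, so no nonce is used.
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def _permutation(n):
    # Assumed scrambling rule: Fisher-Yates shuffle driven by the preset seed.
    perm = list(range(n))
    for i in range(n - 1, 0, -1):
        digest = hashlib.sha256(PRESET_SCRAMBLE_SEED + i.to_bytes(8, "big")).digest()
        j = int.from_bytes(digest[:8], "big") % (i + 1)
        perm[i], perm[j] = perm[j], perm[i]
    return perm


def scramble(data):
    out = bytearray(len(data))
    for i, p in enumerate(_permutation(len(data))):
        out[p] = data[i]
    return bytes(out)


def unscramble(data):
    return bytes(data[p] for p in _permutation(len(data)))


def build_signature_file(plaintext):
    target_key = secrets.token_bytes(KEY_LEN)                # S11 (random key)
    ciphertext = _xor_keystream(plaintext, target_key)       # S12
    # S13: the tag covers the ciphertext only, as the step describes.
    tag = hmac.new(PRESET_SIGNING_KEY, ciphertext, hashlib.sha256).digest()
    first_ciphertext = tag + ciphertext
    return scramble(target_key + first_ciphertext)           # S14


def open_signature_file(blob):
    if len(blob) < KEY_LEN + TAG_LEN:
        raise SignatureError("target signature file is truncated")
    merged = unscramble(blob)
    target_key = merged[:KEY_LEN]
    tag = merged[KEY_LEN:KEY_LEN + TAG_LEN]
    ciphertext = merged[KEY_LEN + TAG_LEN:]
    expected = hmac.new(PRESET_SIGNING_KEY, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):               # S103
        raise SignatureError("signature of the target signature file is incorrect")
    # S104: decrypt in memory; key and first ciphertext are not written anywhere.
    return _xor_keystream(ciphertext, target_key)


def preset_storage_path(plain_path):
    # Assumed naming: dot-prefixed (hidden on Unix) file beside the plaintext file.
    return plain_path.with_name("." + plain_path.name + ".sig")


def encrypt_to_storage(plain_path):
    stored = preset_storage_path(plain_path)
    stored.write_bytes(build_signature_file(plain_path.read_bytes()))
    return stored


def decrypt_from_storage(plain_path):
    stored = preset_storage_path(plain_path)                 # S101
    if not stored.is_file():                                 # S102
        raise FileNotFoundError("target signature file does not exist")
    return open_signature_file(stored.read_bytes())          # S103 to S105
```

Because the target key is stored inside the target signature file, confidentiality in this example rests on keeping the scrambling rule secret, not on the key. The tag covers only the ciphertext, so a corrupted key byte passes verification and yields garbage plaintext; computing the tag over key and ciphertext together would close that gap.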
Based on the same inventive concept, the present application provides a file encrypting apparatus as shown in fig. 5, the file encrypting apparatus comprising:
a key generation module 51, configured to generate a target key according to a preset algorithm;
the encryption module 52 is configured to encrypt the target plaintext file with a target key to obtain a target ciphertext file corresponding to the target plaintext file;
the ciphertext determining module 53 is configured to sign ciphertext in the target ciphertext file by using a preset digital signature algorithm, so as to obtain a first ciphertext;
the storage module 54 is configured to combine and scramble the target key and the first ciphertext according to a preset scrambling rule, obtain a target signature file, and store the target signature file in a preset storage file.
Further, a storage module 54 is configured to:
and storing the target signature file into a preset storage file in the same path as the target plaintext file, wherein the preset storage file is a hidden file.
Further, the preset algorithm is a bit value mapping algorithm, and the target key generated according to the bit value mapping algorithm is a random key.
Based on the same inventive concept, the present application provides a file decrypting apparatus as shown in fig. 6, the file decrypting apparatus comprising:
a reading module 61, configured to read a preset storage file according to a preset application program, and obtain a storage path of a target signature file in the preset storage file;
a storage judging module 62, configured to judge whether the target signature file is in a preset storage file according to the storage path;
a signature verification module 63, configured to verify whether the signature of the target signature file is correct if the target signature file is in the preset storage file;
the decryption module 64 is configured to decrypt the first ciphertext in the target signature file according to the target key if the signature of the target signature file is correct, so as to obtain a first plaintext corresponding to the first ciphertext;
and the returning module 65 is configured to return the target plaintext file corresponding to the first plaintext to the target client.
Further, the reading module 61 is configured to:
reading a preset storage file according to a preset application program, and acquiring a storage path of a target signature file in the preset storage file, wherein the method comprises the following steps: the preset application program is a hijacking application program, and the hijacking application program obtains a storage path of a target signature file in the preset storage file by reading a system corresponding to the preset storage file.
Further, the storage judgment module 62 is configured to:
judging whether the target signature file is in a preset storage file according to the storage path, and further comprising: and if the target signature file does not exist in the preset storage file, feeding back the information that the target signature file does not exist to the target client.
Further, the decryption module 64 is configured to:
decrypting the first ciphertext in the target signature file according to the target key to obtain a first plaintext corresponding to the first ciphertext, including: reading a first ciphertext in the target signature file in a preset buffer area;
decrypting the first ciphertext in a preset buffer area according to a preset algorithm and a target key to obtain a first plaintext corresponding to the first ciphertext;
the target key and the first ciphertext are discarded and a target plaintext file is generated that contains the first plaintext.
Further, before the preset storage file is read according to the preset application program, the method further comprises:
constructing a preset application program, wherein the preset application program is a hijacking application program, the hijacking application program is used for reading preset storage files, and a function of the hijacking application program is used for adding dynamic parameters to a storage system corresponding to the preset storage files;
after the preset application program is constructed, the preset application program is embedded into a storage system corresponding to the preset storage file based on the hook function.
Since the electronic device described in this embodiment is an electronic device used to implement the method of information processing in this embodiment, those skilled in the art will be able to understand the specific implementation of the electronic device and various modifications thereof based on the method of information processing described in this embodiment, so how the method of this embodiment is implemented in this electronic device will not be described in detail herein. The electronic device used by those skilled in the art to implement the information processing method in the embodiments of the present application falls within the scope of protection intended by the present application.
It will be appreciated by those skilled in the art that embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various modifications and variations can be made to the present invention without departing from the spirit or scope of the invention. Thus, it is intended that the present invention also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.

Claims (6)

1. A file encryption and decryption method, characterized in that the encryption step comprises:
generating a target key according to a preset algorithm;
encrypting a target plaintext file by adopting the target key to obtain a target ciphertext file corresponding to the target plaintext file;
signing ciphertext in the target ciphertext file through a preset digital signature algorithm to obtain a first ciphertext;
combining and scrambling the target key and the first ciphertext according to a preset scrambling rule to obtain a target signature file, and storing the target signature file into a preset storage file;
and the decryption step comprises:
reading a preset storage file according to a preset application program, and acquiring a storage path of a target signature file in the preset storage file, wherein the preset application program is a hijacking application program, and the hijacking application program acquires the storage path of the target signature file in the preset storage file by reading a system corresponding to the preset storage file;
judging whether the target signature file is in the preset storage file or not according to the storage path;
if yes, verifying whether the signature of the target signature file is correct;
if so, decrypting the first ciphertext in the target signature file according to the target key to obtain a first plaintext corresponding to the first ciphertext, including: reading the first ciphertext in the target signature file in a preset buffer area; decrypting the first ciphertext in the preset buffer area according to a preset algorithm and the target key to obtain the first plaintext corresponding to the first ciphertext; discarding the target key and the first ciphertext, and generating a target plaintext file containing the first plaintext;
and returning the target plaintext file corresponding to the first plaintext to the target client.
2. The method for encrypting and decrypting the file according to claim 1, wherein storing the target signature file in a preset storage file comprises:
and storing the target signature file into a preset storage file in the same path as the target plaintext file, wherein the preset storage file is a hidden file.
3. The method for encrypting and decrypting the file according to claim 1, wherein:
the preset algorithm is a bit value mapping algorithm, and the target key generated according to the bit value mapping algorithm is a random key.
4. The method for encrypting and decrypting a file according to claim 1, wherein said determining whether the target signature file is in the preset storage file according to the storage path further comprises:
if the target signature file does not exist in the preset storage file, feeding back to the target client the information that the target signature file does not exist.
5. The method for encrypting and decrypting a file according to claim 1, further comprising, before reading the preset storage file according to the preset application program:
constructing the preset application program, wherein the preset application program is a hijacking application program, the hijacking application program is used for reading the preset storage file, and a function of the hijacking application program is used for adding dynamic parameters to a storage system corresponding to the preset storage file;
after the preset application program is constructed, embedding the preset application program into the storage system corresponding to the preset storage file based on a hook function.
6. A file encryption and decryption apparatus, the apparatus comprising:
the key generation module is used for generating a target key according to a preset algorithm;
the encryption module is used for encrypting the target plaintext file by adopting the target key to obtain a target ciphertext file corresponding to the target plaintext file;
the ciphertext determining module is used for signing the ciphertext in the target ciphertext file through a preset digital signature algorithm to obtain a first ciphertext;
the storage module is used for combining and scrambling the target key and the first ciphertext according to a preset scrambling rule to obtain a target signature file, and storing the target signature file into a preset storage file;
the reading module is used for reading a preset storage file according to a preset application program and acquiring a storage path of a target signature file in the preset storage file;
the storage judging module is used for judging whether the target signature file is in the preset storage file or not according to the storage path;
the signature verification module is used for verifying whether the signature of the target signature file is correct or not if the target signature file is in the preset storage file;
the decryption module is used for decrypting, if the signature of the target signature file is correct, the first ciphertext in the target signature file according to the target key to obtain a first plaintext corresponding to the first ciphertext, where the decrypting includes: reading the first ciphertext in the target signature file in a preset buffer area; decrypting the first ciphertext in the preset buffer area according to a preset algorithm and the target key to obtain the first plaintext corresponding to the first ciphertext; discarding the target key and the first ciphertext, and generating a target plaintext file containing the first plaintext;
and the return module is used for returning the target plaintext file corresponding to the first plaintext to the target client.
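
The encryption and decryption steps of claims 1 and 4, sketched in Python as an added example that is not code from the patent or its applicant. The toy SHA-256 keystream, the HMAC tag standing in for the digital signature, the key-halves scrambling rule, the `SIGNING_KEY` constant and the dict that models the preset storage file are all assumptions, since the claims leave those choices as "preset"; the hook-based path lookup is not modelled.

```python
import hashlib
import hmac
import secrets

HALF, TAG_LEN = 16, 32                      # 32-byte key stored as two halves
SIGNING_KEY = b"constructed-demo-key"       # assumption: stand-in signer secret

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy SHA-256 counter keystream; stand-in for the 'preset algorithm'."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def sign(ciphertext: bytes) -> bytes:
    """HMAC-SHA256 tag; stand-in for the 'preset digital signature algorithm'."""
    return hmac.new(SIGNING_KEY, ciphertext, hashlib.sha256).digest()

def encrypt_file(plaintext: bytes) -> bytes:
    """Encryption steps of claim 1; returns the 'target signature file' bytes."""
    key = secrets.token_bytes(2 * HALF)               # random target key
    ciphertext = xor_stream(key, plaintext)           # target ciphertext
    first_ciphertext = ciphertext + sign(ciphertext)  # ciphertext plus signature
    # Hypothetical scrambling rule: reversed key halves wrap the first ciphertext.
    return key[:HALF][::-1] + first_ciphertext + key[HALF:][::-1]

def decrypt_file(store: dict, path: str) -> bytes:
    """Decryption steps of claim 1; `store` is a dict modelling the storage file."""
    blob = store.get(path)
    if blob is None:                                  # claim 4: report absence
        raise FileNotFoundError(f"no target signature file at {path}")
    if len(blob) < 2 * HALF + TAG_LEN:
        raise ValueError("target signature file is truncated")
    key = blob[:HALF][::-1] + blob[-HALF:][::-1]      # undo the scrambling rule
    first_ciphertext = blob[HALF:-HALF]
    ciphertext, tag = first_ciphertext[:-TAG_LEN], first_ciphertext[-TAG_LEN:]
    if not hmac.compare_digest(tag, sign(ciphertext)):  # verify before decrypting
        raise ValueError("signature verification failed")
    buffer = bytearray(ciphertext)                    # the 'preset buffer area'
    plaintext = xor_stream(key, bytes(buffer))
    buffer[:] = bytes(len(buffer))                    # best-effort discard in Python
    del key
    return plaintext

if __name__ == "__main__":
    # Constructed sample input; the path is a made-up hidden-file name.
    store = {"/docs/.report.sig": encrypt_file(b"constructed sample plaintext")}
    print(decrypt_file(store, "/docs/.report.sig"))
```

In this sketch the tag covers only the ciphertext, following the claim's order of operations, so a change to the embedded key bytes passes verification and simply yields a wrong plaintext; binding the key region into the tag would close that gap.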
CN202410079242.8A 2024-01-19 2024-01-19 File encryption method, decryption method, encryption device and decryption device Active CN117592093B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410079242.8A CN117592093B (en) 2024-01-19 2024-01-19 File encryption method, decryption method, encryption device and decryption device

Publications (2)

Publication Number Publication Date
CN117592093A CN117592093A (en) 2024-02-23
CN117592093B true CN117592093B (en) 2024-04-05

Family

ID=89913777

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410079242.8A Active CN117592093B (en) 2024-01-19 2024-01-19 File encryption method, decryption method, encryption device and decryption device

Country Status (1)

Country Link
CN (1) CN117592093B (en)

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101626293A (en) * 2008-07-09 2010-01-13 上海格尔软件股份有限公司 Method for encryption protection and decryption of data
US8180708B2 (en) * 1998-08-13 2012-05-15 International Business Machines Corporation Watermarking system that executes received watermarking instructions to embed a watermark
CN110611659A (en) * 2019-08-21 2019-12-24 南瑞集团有限公司 Method, device and system for protecting service essence of power monitoring system
CN110661621A (en) * 2018-06-28 2020-01-07 中车株洲电力机车研究所有限公司 Mixed encryption and decryption method based on HMAC, AES and RSA
CN111475824A (en) * 2020-03-23 2020-07-31 深圳前海百递网络有限公司 Data access method, device, equipment and storage medium
CN112651031A (en) * 2020-12-14 2021-04-13 展讯半导体(成都)有限公司 Digital signature method, digital signature verification method, electronic device and storage medium
CN113132099A (en) * 2021-04-06 2021-07-16 鼎铉商用密码测评技术(深圳)有限公司 Method and device for encrypting and decrypting transmission file based on hardware password equipment
CN114422156A (en) * 2022-03-31 2022-04-29 北京国电通网络技术有限公司 Bidding file compensation authentication method and system based on block chain
CN114896608A (en) * 2021-05-26 2022-08-12 杭州云象网络技术有限公司 Method, medium and device for realizing hardware password interface by adopting go language
CN116015846A (en) * 2022-12-24 2023-04-25 上海浦东发展银行股份有限公司 Identity authentication method, identity authentication device, computer equipment and storage medium

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
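Research and Implementation of a Data Security Encryption Method Based on TrustZone Technology; 黄顺锐; China Master's Theses Full-text Database, Information Science and Technology; 20190815 (No. 08); I138-66 *
A Secure Transmission Method for Computer Network Data Based on Data Encryption Technology; 李明国; Information & Computer (Theory Edition); 20220810; Vol. 34 (No. 15); 229-231 *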

Also Published As

Publication number Publication date
CN117592093A (en) 2024-02-23

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant